EU sovereignty push gives tech buyers a new alphabet soup to swallow

Gartner has warned that the EU's plans to triple datacenter capacity in Europe over the next five to seven years will add complexity for public sector tech buyers.The sweeping plans, which encompass sovereign cloud, AI, microprocessors, and open source, will have ramifications for EU tech supply chains and beyond if they get through the legislative process. In the European Technological Sovereignty Package launched last week, the European Commission sought to strengthen its digital autonomy.

Commission President Ursula von der Leyen said: "We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable, and our services secure. This is about protecting our citizens, defending our interests, and making our own choices."

The backdrop to the EU's action is widespread concern about European providers only offering around 15 percent of cloud infrastructure in the region, with the dominant American providers subject to US jurisdiction.The risks were spelled out when US sanctions on International Criminal Court (ICC) prosecutor Karim Khan led to his Microsoft services being suspended. Microsoft denied responsibility, saying it was the ICC's decision. The Dutch press later reported that the decision was made under duress after Microsoft pointed out that its obligations under the sanctions meant it would have to cut off service to the entire organization unless the ICC removed Khan's access.European concerns over reliance on hyperscalers also stem from the US CLOUD Act of 2018, which allows American authorities to compel US-based tech companies to provide requested data, regardless of where that data is stored globally. In June 2025, Microsoft admitted under oath in a French court that it couldn't guarantee digital sovereignty if American authorities demanded access to data held on Microsoft servers on foreign soil.The EU's plan – a set of laws and policies – "creates a transparent, non-discriminatory blueprint for digital autonomy that allows the EU to build resilient, sovereign tech infrastructures at home while providing a trusted, legally sound model for international partnerships and multilateral governance abroad." However, public sector CIOs across Europe are likely to find the Technological Sovereignty Package a challenge to implement. The EU proposes bringing the nebulous concept of "digital sovereignty" to life with an auditable, four-level control system. Union Assurance Levels (UALs), as the political and economic bloc calls it, will be based on where the user organization sits across cumulative measures of control, jurisdiction, data processing, supply chain, and security. "The introduction of UALs will likely cause confusion for providers and buyers, as it adds to an already crowded landscape of existing cloud sovereignty criteria," according to Gartner.UALs are set to become legally enforceable under the Cloud and AI Development Act (CADA), and for public sector tech leaders they will add to an alphabet soup of existing rules and recommendations.